Manage Windows with Ansible with Kerberos Active Directory authentication
HTML-код
- Опубликовано: 27 окт 2021
- In this technical overview, we will take a look at how to manage Windows with Ansible, including looking at setting up the prerequisites for installing Ansible for Windows management, as well as installing Ansible itself.
We will take a dive into configuring your Ansible environment for Kerberos authentication which allows setting up Ansible to authenticate with your Active Directory domain. This is extremely important in Active Directory environments.
You can clone down the shell script from my Github repository located here:
github.com/brandonleegit/ansi...
Also, the commands to run are:
sudo apt-get install gcc python-dev libkrb5-dev -y
sudo apt-get install python3-pip -y
sudo pip3 install --upgrade pip
sudo pip3 install --upgrade virtualenv
pip3 install pywinrm
sudo apt install krb5-user -y
sudo apt-get install python3-kerberos -y
sudo pip3 install ansible
By installing the above prerequisites and Ansible, you can easily manage your Windows servers in just a few steps.
Visit the official Ansible documentation located here:
docs.ansible.com/
Take a look at my detailed write-up on how to configure Ansible with Kerberos authentication here:
www.virtualizationhowto.com/2...
Also, check out Virtualizationhowto.com to read more about Ansible and many other topics around cloud, virtualization, networking, automation, security, and much more.
www.virtualizationhowto.com/ 
Хобби
Appreciate the knowledge and step by step explanations. Once again Thank you!
Thanks for posting looking at doing a POC at work.
Thank you Tony for your comment 👍
Hi, thanks for the video it helps me a lot !
Glad it helped!
Thanks for this nice and clear instruction. Have you ever used winrm or Kerberos inside of tower or awx? I have it all working under ansible cli but we would like to switch to using the FREE AWX WEB GUI. Can't find a nice guide to pick up and shift a working cli setup to the GUI ...
Urs, thank you for the comment! I have covered this on my blog quite a while ago. I was using Ansible Tower in the tutorial. However, the instructions should be the same for AWX. Check out the post here: www.virtualizationhowto.com/2018/05/manage-and-configure-windows-servers-with-ansible-tower/
Question please: does the domain account absolutely need to be have been added to an administrator group on the windows vm already? before being able to authenticate with that user?
Administrator permissions are not required as long as winrm is configured to accept the user connection and the user has permissions to perform the tasks you are trying to perform on the target Windows system.
So you managed to ping the windows server without any prerequisites done on it's side? Even RedHat didn't manage that in their tutorial so either well done or something's missing here.
Using Kerberos domain authentication, there are no prerequisites for making this work. WinRM gets extremely difficult in a workgroup setting though. Also, to be quite honest, there is not a lot of good documentation from a Windows side of things. Much of this I had to learn with trial and error.
how to find default realm?
Niharika, see my blog post here for a more in depth view of Ansible configuration for Kerberos: www.virtualizationhowto.com/2018/04/configure-ansible-windows-server-kerberos-authentication-in-ubuntu/